Tuesday, July 10, 2007

Mega-soft = Canadian Pharmacy and now running on botnet

Started to receive some spam mails for Canadian Pharmacy, starting on address printlost.hk and has now moved to Mountchance.hk. Domain registrator is Hong Kong Domain Reseller, www.hkdnr.net. I will send them a new complaint, and then I can at the same time remind them about my complaint made a week ago regarding mega-soft.hk.

When looking at where the Mountchance.hk is hosted I noticed that the domain resolved to a range of different ip-adresses and with a TTL on only 5 minutes, which is typical when the site is actually not hosted on some specific server but being served from a botnet (probably a collection of compromised computers). I quickly took a look at mega-soft.hk too (use of same domain registrator made me suspecious) and found out that it runs on the same botnet too now. When looking at the html / javascript for mountchance.hk and mega-soft.hk I also found more similarities so I'm very convinced that we are talking about the same spammer behind the two sites.

The Canadian Pharmacy site refers to a support@canadianpharmsupport.com email. Canadianpharmsupport.com is also known for being a spamvertised domain

8 comments:

AlphaCentauri said...

Canadian Pharmacy not only sends massive amounts of spam, it uses massive numbers of different domains -- well over one thousand. Besides the rapidly changing IP numbers for the domains themselves, if you check the nameserver domain locations, you will find they also change every day or two. Registrar HKDNR has been shutting down lots of these sites, but they have quite a backlog and new ones keep showing up in the inbox. It's a active topic at the Kill Spammers forums at http://thecarpcstore.com/phpbb2/index.php , so it would be great if you want to drop in there to contribute your research as well.

Anonymous said...

support@canadianpharmsupport.com scammed me out of $245 for an order I never received. I contacted my credit card company but they said they needed to see some reply from the seller showing there was a dispute. However support@canadianpharmsupport.com would not reply to my queries, thus ensuring I could not get a credit card refund. Beware, scam, fraud , theft

Anonymous said...

miley cyrus nude [url=http://www.ipetitions.com/petition/mileycyrus]miley cyrus nude[/url] paris hilton nude [url=http://www.ipetitions.com/petition/parishilt]paris hilton nude[/url] kim kardashian nude [url=http://www.ipetitions.com/petition/kimkardashian45]kim kardashian nude[/url] kim kardashian nude [url=http://www.ipetitions.com/petition/celebst]kim kardashian nude[/url]

Anonymous said...

Hello gays, very cool forum!

Anonymous said...

mmesNG - Hallo guys :)

I'm new members of this site...

http://spamerus.info

Anonymous said...

mmesOE - hallo guys :D

http://spamerus.info

Anonymous said...

I love www.spaminmyinbox.com! Here I always find a lot of helpful information for myself. Thanks you for your work.
Webmaster of http://loveepicentre.com and http://movieszone.eu
Best regards

Anonymous said...

mmesOEG - hallo guys :D

http://spamerus.info